[CWS] de-duplicate common code between OS in functional tests

pkg/security/tests/activity_dumps_common.go

@@ -27,7 +27,6 @@ const (
 )
 
 var (
-	testActivityDumpDuration             = time.Minute * 10
 	testActivityDumpLoadControllerPeriod = time.Second * 10
 )
 

pkg/security/tests/main_test.go

@@ -34,6 +34,8 @@ func TestMain(m *testing.M) {
 }
 
 var (
+	commonCfgDir string
+
 	logLevelStr     string
 	logPatterns     stringSlice
 	logTags         stringSlice

pkg/security/tests/module_tester.go

@@ -56,14 +56,19 @@ const (
 	Skip
 )
 const (
-	getEventTimeout                 = 10 * time.Second
-	filelessExecutionFilenamePrefix = "memfd:"
+	getEventTimeout = 10 * time.Second
 )
 
 var (
 	errSkipEvent = errors.New("skip event")
 )
 
+const (
+	testActivityDumpDuration = time.Minute * 10
+)
+
+var testMod *testModule
+
 func (s *stringSlice) String() string {
 	return strings.Join(*s, " ")
 }
@@ -517,6 +522,29 @@ func (tm *testModule) Create(filename string) (string, unsafe.Pointer, error) {
 	return testFile, testPtr, err
 }
 
+// NewTimeoutError returns a new timeout error with the metrics collected during the test
+func (tm *testModule) NewTimeoutError() ErrTimeout {
+	var msg strings.Builder
+
+	msg.WriteString("timeout, details: ")
+	tm.writePlatformSpecificTimeoutError(&msg)
+
+	events := tm.ruleEngine.StopEventCollector()
+	if len(events) != 0 {
+		msg.WriteString("\nevents evaluated:\n")
+
+		for _, event := range events {
+			msg.WriteString(fmt.Sprintf("%s (eval=%v) {\n", event.Type, event.EvalResult))
+			for field, value := range event.Fields {
+				msg.WriteString(fmt.Sprintf("\t%s=%v,\n", field, value))
+			}
+			msg.WriteString("}\n")
+		}
+	}
+
+	return ErrTimeout{msg.String()}
+}
+
 func (tm *testModule) WaitSignal(tb testing.TB, action func() error, cb onRuleHandler) {
 	tb.Helper()
 
@@ -886,3 +914,18 @@ func jsonPathValidation(testMod *testModule, data []byte, fnc func(testMod *test
 
 	fnc(testMod, obj)
 }
+
+type onRuleHandler func(*model.Event, *rules.Rule)
+type onProbeEventHandler func(*model.Event)
+type onCustomSendEventHandler func(*rules.Rule, *events.CustomEvent)
+type onSendEventHandler func(*rules.Rule, *model.Event)
+type onDiscarderPushedHandler func(event eval.Event, field eval.Field, eventType eval.EventType) bool
+
+type eventHandlers struct {
+	sync.RWMutex
+	onRuleMatch       onRuleHandler
+	onProbeEvent      onProbeEventHandler
+	onCustomSendEvent onCustomSendEventHandler
+	onSendEvent       onSendEventHandler
+	onDiscarderPushed onDiscarderPushedHandler
+}

pkg/security/tests/module_tester_linux.go

@@ -38,14 +38,12 @@ import (
 	"github.com/DataDog/datadog-agent/pkg/eventmonitor"
 	secconfig "github.com/DataDog/datadog-agent/pkg/security/config"
 	"github.com/DataDog/datadog-agent/pkg/security/ebpf/kernel"
-	"github.com/DataDog/datadog-agent/pkg/security/events"
 	"github.com/DataDog/datadog-agent/pkg/security/module"
 	sprobe "github.com/DataDog/datadog-agent/pkg/security/probe"
 	"github.com/DataDog/datadog-agent/pkg/security/proto/api"
 	cgroupModel "github.com/DataDog/datadog-agent/pkg/security/resolvers/cgroup/model"
 	rulesmodule "github.com/DataDog/datadog-agent/pkg/security/rules"
 	"github.com/DataDog/datadog-agent/pkg/security/rules/bundled"
-	"github.com/DataDog/datadog-agent/pkg/security/secl/compiler/eval"
 	"github.com/DataDog/datadog-agent/pkg/security/secl/model"
 	"github.com/DataDog/datadog-agent/pkg/security/secl/rules"
 	activity_tree "github.com/DataDog/datadog-agent/pkg/security/security_profile/activity_tree"
@@ -62,6 +60,10 @@ var (
 	logger seelog.LoggerInterface
 )
 
+const (
+	filelessExecutionFilenamePrefix = "memfd:"
+)
+
 const testConfig = `---
 log_level: DEBUG
 system_probe_config:
@@ -229,24 +231,6 @@ type testModule struct {
 	msgSender     *fakeMsgSender
 }
 
-var testMod *testModule
-var commonCfgDir string
-
-type onRuleHandler func(*model.Event, *rules.Rule)
-type onProbeEventHandler func(*model.Event)
-type onCustomSendEventHandler func(*rules.Rule, *events.CustomEvent)
-type onSendEventHandler func(*rules.Rule, *model.Event)
-type onDiscarderPushedHandler func(event eval.Event, field eval.Field, eventType eval.EventType) bool
-
-type eventHandlers struct {
-	sync.RWMutex
-	onRuleMatch       onRuleHandler
-	onProbeEvent      onProbeEventHandler
-	onCustomSendEvent onCustomSendEventHandler
-	onSendEvent       onSendEventHandler
-	onDiscarderPushed onDiscarderPushedHandler
-}
-
 //nolint:deadcode,unused
 func getInode(tb testing.TB, path string) uint64 {
 	fileInfo, err := os.Lstat(path)
@@ -1620,28 +1604,9 @@ func (tm *testModule) GetADSelector(dumpID *activityDumpIdentifier) (*cgroupMode
 	return &selector, err
 }
 
-// NewTimeoutError returns a new timeout error with the metrics collected during the test
-func (tm *testModule) NewTimeoutError() ErrTimeout {
-	var msg strings.Builder
-
-	msg.WriteString("timeout, details: ")
-	msg.WriteString(GetEBPFStatusMetrics(tm.probe))
-	msg.WriteString(spew.Sdump(ebpftelemetry.GetProbeStats()))
-
-	events := tm.ruleEngine.StopEventCollector()
-	if len(events) != 0 {
-		msg.WriteString("\nevents evaluated:\n")
-
-		for _, event := range events {
-			msg.WriteString(fmt.Sprintf("%s (eval=%v) {\n", event.Type, event.EvalResult))
-			for field, value := range event.Fields {
-				msg.WriteString(fmt.Sprintf("\t%s=%v,\n", field, value))
-			}
-			msg.WriteString("}\n")
-		}
-	}
-
-	return ErrTimeout{msg.String()}
+func (tm *testModule) writePlatformSpecificTimeoutError(b *strings.Builder) {
+	b.WriteString(GetEBPFStatusMetrics(tm.probe))
+	b.WriteString(spew.Sdump(ebpftelemetry.GetProbeStats()))
 }
 
 func (tm *testModule) WaitSignals(tb testing.TB, action func() error, cbs ...func(event *model.Event, rule *rules.Rule) error) {

pkg/security/tests/module_tester_windows.go

@@ -14,37 +14,27 @@ import (
 	"strings"
 	"sync"
 	"testing"
-	"time"
 
 	"github.com/hashicorp/go-multierror"
 
 	"github.com/DataDog/datadog-agent/pkg/eventmonitor"
 	secconfig "github.com/DataDog/datadog-agent/pkg/security/config"
-	"github.com/DataDog/datadog-agent/pkg/security/events"
 	"github.com/DataDog/datadog-agent/pkg/security/module"
 	sprobe "github.com/DataDog/datadog-agent/pkg/security/probe"
 	rulesmodule "github.com/DataDog/datadog-agent/pkg/security/rules"
-	"github.com/DataDog/datadog-agent/pkg/security/secl/compiler/eval"
 	"github.com/DataDog/datadog-agent/pkg/security/secl/model"
 	"github.com/DataDog/datadog-agent/pkg/security/secl/rules"
 	"github.com/DataDog/datadog-agent/pkg/security/tests/statsdclient"
 	"github.com/DataDog/datadog-agent/pkg/util/log"
 )
 
-var (
-	testActivityDumpDuration             = time.Second * 30
-	testActivityDumpLoadControllerPeriod = time.Second * 10
-)
-
 const testConfig = `---
 log_level: DEBUG
 
 event_monitoring_config:
   remote_tagger: false
   custom_sensitive_words:
     - "*custom*"
-  network:
-    enabled: true
   flush_discarder_window: 0
 {{if .DisableFilters}}
   enable_kernel_filters: false
@@ -55,8 +45,6 @@ event_monitoring_config:
 {{if .DisableDiscarders}}
   enable_discarders: false
 {{end}}
-  erpc_dentry_resolution_enabled: {{ .ErpcDentryResolutionEnabled }}
-  map_dentry_resolution_enabled: {{ .MapDentryResolutionEnabled }}
   envs_with_value:
   {{range .EnvsWithValue}}
     - {{.}}
@@ -75,49 +63,6 @@ runtime_security_config:
   sbom:
     enabled: {{ .SBOMEnabled }}
   fim_enabled: {{ .FIMEnabled }}
-  activity_dump:
-    enabled: {{ .EnableActivityDump }}
-{{if .EnableActivityDump}}
-    rate_limiter: {{ .ActivityDumpRateLimiter }}
-    tag_rules:
-      enabled: {{ .ActivityDumpTagRules }}
-    dump_duration: {{ .ActivityDumpDuration }}
-    {{if .ActivityDumpLoadControllerPeriod }}
-    load_controller_period: {{ .ActivityDumpLoadControllerPeriod }}
-    {{end}}
-    {{if .ActivityDumpCleanupPeriod }}
-    cleanup_period: {{ .ActivityDumpCleanupPeriod }}
-    {{end}}
-    {{if .ActivityDumpLoadControllerTimeout }}
-    min_timeout: {{ .ActivityDumpLoadControllerTimeout }}
-    {{end}}
-    traced_cgroups_count: {{ .ActivityDumpTracedCgroupsCount }}
-    cgroup_differentiate_args: {{ .ActivityDumpCgroupDifferentiateArgs }}
-    auto_suppression:
-      enabled: {{ .ActivityDumpAutoSuppressionEnabled }}
-    traced_event_types:   {{range .ActivityDumpTracedEventTypes}}
-    - {{.}}
-    {{end}}
-    local_storage:
-      output_directory: {{ .ActivityDumpLocalStorageDirectory }}
-      compression: {{ .ActivityDumpLocalStorageCompression }}
-      formats: {{range .ActivityDumpLocalStorageFormats}}
-      - {{.}}
-      {{end}}
-{{end}}
-  security_profile:
-    enabled: {{ .EnableSecurityProfile }}
-{{if .EnableSecurityProfile}}
-    dir: {{ .SecurityProfileDir }}
-    watch_dir: {{ .SecurityProfileWatchDir }}
-    anomaly_detection:
-      enabled: true
-      default_minimum_stable_period: {{.AnomalyDetectionDefaultMinimumStablePeriod}}
-      minimum_stable_period:
-        exec: {{.AnomalyDetectionMinimumStablePeriodExec}}
-        dns: {{.AnomalyDetectionMinimumStablePeriodDNS}}
-      workload_warmup_period: {{.AnomalyDetectionWarmupPeriod}}
-{{end}}
 
   self_test:
     enabled: false
@@ -132,8 +77,6 @@ runtime_security_config:
   {{range .LogTags}}
     - {{.}}
   {{end}}
-  ebpfless:
-    enabled: {{.EBPFLessEnabled}}
   enforcement:
     exclude_binaries:
       - {{ .EnforcementExcludeBinary }}
@@ -148,21 +91,6 @@ runtime_security_config:
         period: {{.EnforcementDisarmerExecutablePeriod}}
 `
 
-type onRuleHandler func(*model.Event, *rules.Rule)
-type onProbeEventHandler func(*model.Event)
-type onCustomSendEventHandler func(*rules.Rule, *events.CustomEvent)
-type onSendEventHandler func(*rules.Rule, *model.Event)
-type onDiscarderPushedHandler func(event eval.Event, field eval.Field, eventType eval.EventType) bool
-
-type eventHandlers struct {
-	sync.RWMutex
-	onRuleMatch       onRuleHandler
-	onProbeEvent      onProbeEventHandler
-	onCustomSendEvent onCustomSendEventHandler
-	onSendEvent       onSendEventHandler
-	onDiscarderPushed onDiscarderPushedHandler
-}
-
 type testModule struct {
 	sync.RWMutex
 	secconfig     *secconfig.Config
@@ -179,9 +107,6 @@ type testModule struct {
 	ruleEngine    *rulesmodule.RuleEngine
 }
 
-var testMod *testModule
-var commonCfgDir string
-
 func newTestModule(t testing.TB, macroDefs []*rules.MacroDefinition, ruleDefs []*rules.RuleDefinition, fopts ...optFunc) (*testModule, error) {
 
 	var opts tmOpts
@@ -300,24 +225,5 @@ func (tm *testModule) Close() {
 	tm.eventMonitor.Close()
 }
 
-// NewTimeoutError returns a new timeout error with the metrics collected during the test
-func (tm *testModule) NewTimeoutError() ErrTimeout {
-	var msg strings.Builder
-
-	msg.WriteString("timeout, details: ")
-
-	events := tm.ruleEngine.StopEventCollector()
-	if len(events) != 0 {
-		msg.WriteString("\nevents evaluated:\n")
-
-		for _, event := range events {
-			msg.WriteString(fmt.Sprintf("%s (eval=%v) {\n", event.Type, event.EvalResult))
-			for field, value := range event.Fields {
-				msg.WriteString(fmt.Sprintf("\t%s=%v,\n", field, value))
-			}
-			msg.WriteString("}\n")
-		}
-	}
-
-	return ErrTimeout{msg.String()}
+func (tm *testModule) writePlatformSpecificTimeoutError(b *strings.Builder) {
 }